Information Security Analyst

Company Overview:

TENEX is an AI-native, automation-first, built-for-scale Managed Detection and Response (MDR) provider. We are a force multiplier for defenders, helping organizations enhance their cybersecurity posture through advanced threat detection, rapid response, and continuous protection. Our team is composed of industry experts with deep experience in cybersecurity, automation, and AI-driven solutions. Backed by leading investors, we are rapidly growing and seeking top talent to join our mission of revolutionizing the MDR landscape.

We’re a fast growing startup backed by industry experts and top tier investor Andreessen Horowitz. As an early employee, you’ll play a meaningful role in defining and building our culture. Get in on the ground floor. We’re a small but well-funded team that just raised a substantial round – joining now comes with limited risk and unlimited upside.

Culture is one of the most important things at TENEX.AI—explore our culture deck at culture.tenex.ai to witness how we embody it, prioritizing the irreplaceable collaboration and community of in-person work.

We are looking for a detail-oriented Information Security Analyst to spearhead our internal compliance efforts and manage our Third-Party Risk Management (TPRM) program.

In this role, you won't just be checking boxes; you will be the architect of the controls that protect our customers' data involving AI and other cutting edge technologies. You will bridge the gap between technical security operations and formal audit requirements, ensuring we remain a gold standard in the industry.

Location: This role will require onsite in our Overland Park, KS or Sarasota, FL location.

Key Responsibilities

1. Internal SOC 1 & SOC 2 Compliance

Audit Readiness: Lead the preparation for annual SOC 1 Type II and SOC 2 Type II audits.

Control Monitoring: Perform continuous testing of technical and administrative controls (e.g., access reviews, change management, encryption standards).

Evidence Collection: Coordinate with Engineering, HR, and DevOps teams to gather and organize audit evidence throughout the year.

Remediation: Identify gaps in current processes and work with department heads to implement corrective actions.

2. Third-Party Risk Management (TPRM)

Vendor Assessments: Conduct security assessments of new and existing vendors, reviewing their SOC reports, ISO certifications, and SIG questionnaires.

Risk Scoring: Evaluate the risk profile of third-party tools and services, providing recommendations to leadership on whether to approve or mitigate risks.

Contract Review: Partner with Legal to ensure security addendums (DSAs/BAsAs) meet our internal compliance requirements.

3. Policy & Governance

Maintain and update the Information Security Management System (ISMS) documentation.

Develop and deliver security awareness training tailored to compliance requirements.

Act as the primary point of contact for client inquiries regarding our security posture.

Required Qualifications & Skills:

Experience: At least 2 years in Information Security, IT Audit, or Compliance (GRC).

Frameworks: Deep understanding of AICPA Trust Services Criteria (SOC 2) and SSAE 18 (SOC 1) along with ISO 27001, NIST-800.

Technical Knowledge: Familiarity with cloud environments (GCP/AWS/Azure), IAM, and vulnerability management.

TPRM Tools: Experience with risk assessment platforms (e.g., OneTrust, Vanta, or Drata).

Certifications: CISA, CRISC, or Security+ preferred (CPA-tracked experience is a plus).

Ideal Candidate Profile:

The "Translator": You can explain complex frameworks like ISO27001, NIST 800, and map them to internal controls in policy documentation to support compliance requirements.

Meticulous: You audit the environment and policies for consistency and enforcement.

Proactive: You don't wait for the audit window to open; you are constantly looking for ways to automate evidence collection.

Education & Certifications:

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related field (or equivalent experience).

Why Join Us?

• Opportunity to work with cutting-edge AI-driven cybersecurity technologies and Google SecOps solutions.

• Collaborate with a talented and innovative team focused on continuously improving security operations.

• Competitive salary and benefits package.

• A culture of growth and development, with opportunities to expand your knowledge in AI, cybersecurity, and emerging technologies.